Is Bitcoin Facing an Existential Crisis?

Over the years there have been several rationales provided to demonstrate the value of bitcoin in particular – store of value, non-correlated, global, private – and all have, at some time or another, been knocked by events. Currently the cryptocurrency is under the pump from macro and geopolitical events, but, rightly, these are seen as shorter term influences. Is bitcoin facing a much larger threat however, one that could threaten its entire value proposition?

A team at Google Quantum AI have published a white paper looking at the quantum threat to the cryptocurrency and tokenisation industry more generally. In seeking to achieve balance, it highlights areas of the crypto world that are effectively “quantum resistant”, but also notes that when it comes to cracking bitcoin’s codes, rather than the millions of physical qubits originally thought to do the work, it now requires, on a standard superconducting architecture “fewer than half a million”.

This is a reduction of more than 20-times previous estimates, and while the machine to deliver such work does not exist, the lower workload likely brings closer the day when the crypto industry has to establish some sort of protective mechanism against quantum attacks. “This reduction in quantum resources needed to solve [the problem] on a quantum computer reflects the general pattern of quantum algorithmic improvements,” the authors write.

The reduced effort required also brings another threat into play – the authors claim that their analysis gives the first clear indication that superconducting qubits could launch attacks within the average block time of bitcoin and bitcoin cash, thus enabling “on-spend” attacks whereby a transaction is intercepted, the key is broken, and a fraudulent transaction is syndicated in the brief period of time before it is recorded on the blockchain. “This prospect highlights the importance of migrating to Post-Quantum Cryptography (PQC) and of mitigation measures that thwart on-spend attacks, such as private mempools and commit-reveal schemes,” the paper states.

Technical and logistical difficulties make migration to post-quantum cryptosystems a slow process. For some blockchains, this may be exacerbated by challenges involved in reaching sufficiently broad consensus.

PQC is seen by the authors as “the ultimate path towards post-quantum security in blockchain technologies”, although they observe the path “is technically clear, if logistically difficult”. They argue that steps towards this complex migration should begin immediately. In line with the “defence-in-depth” principle, they recommend that intermediate mitigation measures also be urgently adopted. Such measures are technically simpler than a full upgrade of the underlying cryptosystems which allows them to be deployed earlier,” they write. “The need for urgency arises from multiple considerations. Technical and logistical difficulties make migration to post-quantum cryptosystems a slow process. For some blockchains, this may be exacerbated by challenges involved in reaching sufficiently broad consensus.”

On the latter point, the authors highlight the bitcoin community’s lack of consensus over previous proposals that increased bandwidth requirements of running network nodes, that led to hard forks. “Moreover, some of the current technical and financial trends in cryptocurrencies magnify quantum risks while exposing new funds and assets,” the paper states. “Specifically, the quantum attack surface of blockchain-based systems continues to expand due to the introduction of new privacy and scalability features based on quantum-vulnerable cryptography.

“At the same time, financial developments, such as fiat-backed stablecoins and tokenisation of other real-world assets (RWA), are projected to increase the pool of assets governed by smart contracts by nearly an order of magnitude by 2030,” it adds. “Most of this activity takes place on general-purpose blockchains for smart contracts, primarily Ethereum and to some extent Solana, with growing issuance on specialised blockchains, such as Algorand, Stellar, and the XRP Ledger notable for protocol-level support for RWA tokenisation.

“The account model and smart contracts employed by these blockchains introduce new quantum vulnerabilities not present in Bitcoin and its derivatives,” the authors warn.

Ethereum also faces substantial at-rest vulnerabilities that must be dealt with before cryptographically-relevant quantum computers arrive

Perhaps the biggest challenge is to dormant accounts, the authors claim, noting that unlike active wallets, these cannot migrate to new protection standards. “[These assets] represent a fixed target — tens or hundreds of billions of dollars in value that will eventually become accessible to a quantum attacker,” they write. “The community will soon face difficult, unprecedented decisions regarding the fate of these assets, forcing trade-offs between the immutability of cryptographic property rights and the economic stability of the network.”

Bitcoin is not the only area of the crypto world under threat from quantum, according to the authors, who observe, “Ethereum also faces substantial at-rest vulnerabilities that must be dealt with before cryptographically-relevant quantum computers (CRQCs) arrive,” they write. “The account model uses vulnerable elliptic curves as a core component of onchain identity, putting all accounts that have carried out transactions at risk including high value accounts, such as exchange hot wallets. Smart contracts with exposed admin keys that cannot be easily rotated (without draining and replacing the contracts themselves) create a logistical bottleneck for security upgrades that puts “low ether, high leverage” accounts and contracts responsible for tokenised real-world assets, oracles, bridges, guardians, etc. at risk. “Moreover, the potential compromise of validators threatens the integrity of the Proof-of-Stake consensus mechanism itself, creating an existential risk to the chain’s continued operation,” it continues. “Finally, the vulnerability of Data Availability Sampling mechanism opens it up to on-setup attacks that can be launched without a quantum computer using a reusable exploit created once on a CRQC. Ethereum is more exposed than bitcoin due to the prevalence of at-rest vulnerabilities, but its recent active steps towards PQC migration promise a potentially more expedient transition to quantum-safe protocols.

The good news for the crypto community is that the authors stress that the time it will take to arrive at active machines capable of breaking the codes is longer than the time it could take to install protective measures. The bad news is, whereas the industry maybe thought it had a decade or more, the time horizon is now likely down to less than five years. This requires consensus, something that is notoriously difficult in a DeFi environment.

It argues that a bifurcated approach whereby governments introduce a clear policy framework that could act as a compliment to, rather than a substitute for, technical intervention.

Ultimately, however, the paper should provide both a warning and signal the start of an effort to protect blockchains from quantum attacks. It warns that advances in quantum computing “represents a serious threat to cryptocurrencies”, that is “not merely a distant danger to dormant keys”.